New Revenge RAT Hits Market

Thursday, September 1, 2016 @ 03:09 PM gHale

A new Remote Access Tool (RAT) called Revenge is making the rounds via underground hacking forums.

The coder published the first version of the Revenge RAT June 28, when he provided a download link via Dev Point, a hacking forum visited by Arabic-speaking users. It appears the creator of Revenge is an Arabic-speaking malware coder going under the name of Napoleon.

At the time of its release, one of the 54 scanners on VirusTotal detected Revenge. This has changed of late and now over 40 scanners detect the first version as malicious.

Revenge v0.1 was a simple tool, according to a researcher known as Rui, who said in a blog post, the malware’s author didn’t even go to the effort to hide the RAT’s source code.

Revenge, written in Visual Basic, also didn’t feature too many working features, compared to similar RATs. Even Napolean admitted his tool was still in the early development stages, a reason why he provided the RAT for free.

Two months later, on August 21, Napoleon launched Revenge RAT v0.2. The RAT was still available for free and included more powerful features.

The latest Revenge RAT features the ability to open a remote shell, initiate remote desktop sessions, interact with the victim’s file manager, manage local OS processes, list active windows, manage OS services, and the ability to edit the victim’s Windows Registry.

Other features include a victim IP tracker, a keylogger, a clipboard manager, the ability to list installed programs, a hosts file editor, an OS startup management feature, a password dumper, and the ability to access the user’s webcam.